TOTAL: {[ getCartTotalCost() | currencyFilter ]} Update cart for total shopping_basket Checkout

The Privacy Advisor | Industry of Privacy Project: New Budget Benchmarking Related reading: 2013 IAPP Privacy Professionals Role, Function and Salary Survey




This spring, the IAPP looked at privacy professionals’ roles in organizations worldwide, the influence they had on budget spending and the areas over which they had primary control.

What we found was interesting on a number of levels (wow, only 18 percent of privacy professionals have decision-making power on purchasing privacy software?). But we realized that, as a benchmarking device, it was difficult to utilize.

As our members come from all manner of industries, companies of every size and shape and have roles that range from CPO to outside counsel to HR manager, it was hard to pinpoint just what kinds of privacy programs we were looking at.

So we focused more tightly.

In our most recent survey, we queried the roughly 275 privacy leads we could identify at Fortune 1000 companies and got a 23 percent response rate, giving us a sample that was alike in crucial ways: All of them were privacy leads at private, for-profit firms.

First, the big number: The average surveyed Fortune 1000 company's privacy program has a budget of $2.4 million. The median budget is $1 million.

Of course, there’s considerable variation in the Fortune 1000. The smallest company does about $2.5 billion in revenue. The largest, Wal-Mart, does almost $500 billion, about 200 times the smallest firms.

Still, these are all large companies. No start-ups or SMEs here. And we are beginning to unearth some good benchmarking data, to be released for the first time with a presentation at the Privacy Academy here in San Jose, CA.

First, the big number: The average surveyed Fortune 1000 company's privacy program has a budget of $2.4 million. The median budget is $1 million.

Twelve percent of firms have budgets of more than $5 million annually. Another 14 percent spend less than $500k annually.

Of that mean $2.4 million number, roughly $1.9 million is spent internally, the other $500k is spent externally.

Of the internal spend, 50 percent is for salary and benefits of privacy program employees.

The number of employees varies as widely as the budgets, as you might expect. One interesting way to think of the varying programs is by program maturity. We asked the respondents to characterize their own programs on a spectrum from “pre-stage” all the way to “mature stage.”

Perhaps it’s not surprising that those who called themselves pre-, early, or middle-stage reported an average of 3.3 full-time employees, while the 26 percent of firms in the mature stage reported an average of 25 full-time employees.

Further, the average firm in our sample has another 17 employees that contribute to the program in some way, shape or form.

And the programs are growing. Thirty-three percent of the companies reported an intention to hire more full- and part-time employees in the coming year. Similarly, 38 percent said they will likely increase budget in the next year, and that increase for those who intend to grow is substantial: An average estimate of 34 percent.

Just 10 percent expected budget contraction, however, they expect a reduction of 22 percent.

There are, of course, obvious caveats here. By interviewing privacy leads at firms known to have privacy programs, our data is clearly skewed high. We cannot confidently say that Fortune 1000 companies as a whole spend an average of $2.4 million dollars. There may be many companies that spend $0 on “privacy.” Further, IT budgets for breach-prevention software and other data security spends are not captured here.

Just 35 percent of respondents said they have budget authority for privacy-related software, though it remains the largest category for spend after salary and benefits.

Everything else largely comprises legal services, audit services, training for the organization and for privacy professionals, data mapping and monitoring and a host of other small spends on things like travel and privacy seals.

We release the full initial findings with a presentation here at the Privacy Academy and CSA Congress today, and will release an initial full report, which will be free to all IAPP members, within the next month.

1 Comment

If you want to comment on this post, you need to login.

  • comment Cindy • Oct 9, 2014
    Good data points. The challenge in uncovering 'real' spending for privacy is so much of it is tied up in Security and IT Spending. It would be interesting to study that aspect amongst the same respondents to uncover a more realistic cost. I expect that number would be many times higher.